Unique DEEP WordPress HTTPS (broken) Mixed-content HTTP Warnings even with Automatic HTTPS Rewrites Enabled ¯\_(ツ)_/¯

Hi Cloudflare Community!

Ran into a brick wall here.

I’m quite experienced in web hosting and WordPress, however the other day I added YouTube embedded videos (which automagically added the YouTube API in my header tag somewhere in WordPress for the embeds/iframes to work, however I noticed this link is in HTTP from Chrome’s WebDev Tools security tab).

  • Also, Chrome WebDev Tools is showing that the images in my slider are loading off my server’s IP address URL in HTTP. I only use HTTPS at the Cloudflare level but the images should be being served through my domain name which is covered by HTTPS at the Cloudflare level. Other images in different sections are served this way, so I’m dumbfounded why only this one section at the top of my site is affected by this…

Explains why Facebook’s browser blocks those images… You can test for yourself: [My Site](https://stefancaliaro.com)

I tried wordpress .org/plugins/ssl-insecure-content-fixer/ this plugin and put on the "Capture

Everything on the page, from the header to the footer:

  • capture the whole page and fix scripts, stylesheets, and other resources
  • excludes AJAX calls, to prevent some compatibility and performance problems" setting but still the images load via http ip address …

The weird thing is though, when I go to my WordPress gallery internally inside admin dashboard, the images load under my domain name in https… so it seems like it’s something to do with how WordPress is serving the image URLs externally. I’m using elementor .com (Page Builder) to create the website so I don’t have to code much at all. (Just minor HTML/CSS tweaks if I need).

I’d love to get this fixed ASAP! Thank you.

Cloudflare only lets me post 2 links and 1 image in a post because apparently I’m still a new forum user after 8 months? Sigh, just look at my Drive folder. :slight_smile:

blog .Cloudflare .com/fixing-the-mixed-content-problem-with-automatic-https-rewrites/

Thank you!

Do you have any cache plugin? Try to purge the cache completely if you do. If that doesn’t help, try to disable the plugin altogether, just for the test.

There you go. Fix those files / links without a padlock.


But it seems to be more a problem of your theme itself?

Full results


Thank you, I was already aware of those links being routed directly to the origin server via IP address shown in Chrome WebDev Tools security tab. The weird thing is I’m not sure where in the theme’s code it is pointing to load from IP address. It’s using Elementor.com, maybe I need to raise a ticket with them, their software hasn’t been bug-free.

My only cause would be: I was initially working via the server’s IP address before I switched it over to Cloudflare to access my WordPress dashboard via the domain name instead.

How Chrome & Firefox show HTTPS for my site:

Annoying issue but at least it isn’t a straight out red cross / block.

This is the front-end code in question that’s causing images to load via IP address. But there’s no way in Elementor to change this except for maybe deleting the entire element and starting again. (Took a while to get all that set up).
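
An added example, not part of the thread or any poster's code: a small scanner that lists the subresources a page would load over plain HTTP and separates the ones pointing at an IP-literal host (the slider images described above, which go straight to the origin server) from ordinary `http://` hostnames. The names `MixedContentFinder` and `find_mixed_content`, the sample HTML and the address `203.0.113.10` are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "poster", "data-src"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, kind) for each plain-HTTP subresource

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # plain navigation links are not mixed content
            return
        for name, value in attrs:
            value = value or ""
            if name in URL_ATTRS:
                urls = [value]
            elif name == "srcset":  # "url 1x, url 2x" -> take each url
                urls = [p.split()[0] for p in value.split(",") if p.strip()]
            elif name == "style":  # inline background-image: url(...)
                urls = CSS_URL.findall(value)
            else:
                urls = []
            for url in urls:
                self._check(tag, url.strip())

    def _check(self, tag, url):
        parts = urlsplit(url)
        if parts.scheme.lower() != "http" or not parts.hostname:
            return  # https, protocol-relative and relative URLs are fine
        try:  # IP-literal host: the request goes straight to the origin
            ipaddress.ip_address(parts.hostname)
            kind = "ip-origin"
        except ValueError:
            kind = "http-host"
        self.findings.append((tag, url, kind))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page; 203.0.113.10 is a documentation-range placeholder IP.
SAMPLE = """<script src="http://www.youtube.com/iframe_api"></script><a href="http://example.org/">x</a>
<div style="background-image: url('http://203.0.113.10/wp-content/uploads/s1.jpg')"></div>
<img src="https://example.com/logo.png" srcset="http://203.0.113.10/a.jpg 1x, https://example.com/b.jpg 2x">"""
```

Calling `find_mixed_content()` on the saved page source returns the list of offending URLs; every `ip-origin` entry is a URL stored with the server's IP that needs to be changed to the domain name in the site's own content.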

